Salts are great when you are storing lots of passwords, otherwise they are fairly useless since they are stored in plaintext. If an attacker manages to get your hashed passwords, then assume that they can get their hands on your salts.
Use SHA-256 because it's a cryptographically strong hash function, and use salts. But most importantly, just use strong passwords combined with strong hashing algorithms.